Privacy Policy

[1. Introduction](#1-introduction)

[2. Information We Collect](#2-information-we-collect)

[3. How We Use Your Information](#3-how-we-use-your-information)

[4. Data Storage & Security](#4-data-storage--security)

[5. Third-Party Services](#5-third-party-services)

[6. Children's Privacy](#6-childrens-privacy)

[7. Data Retention](#7-data-retention)

[8. Your Rights](#8-your-rights)

[9. International Data Transfers](#9-international-data-transfers)

[10. Cookies & Tracking](#10-cookies--tracking)

[11. Changes to This Policy](#11-changes-to-this-policy)

[12. Contact Us](#12-contact-us)

---

**Effective Date:** 21 April 2026

**Last Updated:** 21 April 2026

1. Introduction

This Privacy Policy describes how Novarly, a sole trader based in England, United Kingdom ("we," "us," or "our"), collects, uses, and protects your information when you use the ThreeLines mobile application ("ThreeLines," "the App," or "our App").

ThreeLines is a minimalist daily journaling application designed to help you capture what matters most by writing exactly three lines each day. We are committed to protecting your privacy and being transparent about our data practices.

This Privacy Policy applies to all users of ThreeLines, regardless of where you access or use the App. By downloading, installing, or using ThreeLines, you agree to the collection and use of information in accordance with this Privacy Policy.

We respect the personal and private nature of journaling. As such, we have designed ThreeLines with privacy-first principles, collecting only the minimum information necessary to provide and improve our service.

2. Information We Collect

### 2.1 Information You Provide Directly

**Journal Entries:** The primary data you provide to ThreeLines consists of your daily journal entries—the three lines you write each day. These entries are stored locally on your device and may be synced to our secure cloud storage if you enable the optional cloud backup feature.

**Account Information:** If you create an account for cloud backup functionality, we collect:

Email address

Encrypted account credentials

Account preferences and settings

### 2.2 Information Collected Automatically

**Usage Analytics:** We collect anonymous, aggregated analytics to understand how ThreeLines is used and to improve the App. This includes:

App launch frequency and session duration

Feature usage patterns (which screens are visited, how often)

Performance metrics (app load times, response times)

General device information (device type, operating system version, app version)

**Crash Reports:** When ThreeLines experiences technical issues, we automatically collect crash reports containing:

Technical error information and stack traces

Device model and operating system version

App version and configuration at time of crash

Anonymous device identifiers

**Device Information:** We collect limited device information for app functionality:

Device timezone for accurate date tracking

Device language and locale settings

Screen resolution for optimal display formatting

Available storage space for data management

### 2.3 Information We Do NOT Collect

We want to be clear about what we do not collect:

We do not read, analyze, or share the content of your journal entries

We do not collect your name, phone number, or postal address

We do not access your device's contacts, photos, or other personal files

We do not track your location or use location services

We do not collect biometric data

3. How We Use Your Information

### 3.1 Primary Uses

**Providing Core Functionality:** Your journal entries are used solely to provide ThreeLines' core functionality—allowing you to write, edit, view, and organize your daily three-line entries.

**Cloud Backup Service:** If enabled, we use your account information and journal entries to provide secure cloud backup and synchronization across your devices.

**App Improvement:** We use anonymous usage analytics and crash reports to:

Identify and fix bugs and technical issues

Understand which features are most valuable to users

Optimize app performance and user experience

Develop new features that align with user needs

**Customer Support:** We use your contact information to respond to support requests, troubleshoot issues, and provide assistance with ThreeLines.

### 3.2 Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing personal data includes:

Contractual necessity: Processing required to provide ThreeLines' services

Legitimate interests: Improving app functionality, security, and user experience

Consent: For optional features like analytics (where consent is withdrawn, we cease processing)

4. Data Storage & Security

### 4.1 Local Storage

**Primary Storage:** Your journal entries are primarily stored locally on your device using encrypted storage mechanisms provided by your operating system (iOS Keychain, Android Keystore).

**Encryption:** All journal content stored locally is encrypted using industry-standard encryption protocols. The encryption keys are managed by your device's secure storage systems and are not accessible to us.

### 4.2 Cloud Storage

**Optional Backup:** If you enable cloud backup, your encrypted journal entries are stored on secure cloud infrastructure. Even in our cloud storage, your journal entries remain encrypted, and we do not have the ability to decrypt and read your personal content.

**Geographic Location:** Cloud data is stored in data centers located in the European Union and United Kingdom, ensuring compliance with regional data protection requirements.

**Infrastructure Security:** Our cloud storage infrastructure implements:

End-to-end encryption for data in transit and at rest

Multi-factor authentication for administrative access

Regular security audits and penetration testing

Automated backup and disaster recovery systems

### 4.3 Access Controls

**Internal Access:** Access to any personal data is strictly limited to authorized personnel who require access to provide technical support or maintain the service. All access is logged and monitored.

**Third-Party Access:** We do not provide third parties with access to your personal data except as described in this Privacy Policy or as required by law.

5. Third-Party Services

ThreeLines integrates with carefully selected third-party services to provide functionality and improve our service. Each service has its own privacy policy governing their data practices.

### 5.1 Analytics Services

**Service:** We use privacy-focused analytics services to understand app usage patterns.

**Data Shared:** Anonymous, aggregated usage statistics and crash reports

**Privacy Policy:** [Analytics Provider Privacy Policy]

**Opt-Out:** You can disable analytics in ThreeLines' settings

### 5.2 Cloud Infrastructure

**Service:** Cloud hosting for optional backup functionality

**Data Shared:** Encrypted journal entries and account information (when backup is enabled)

**Privacy Policy:** [Cloud Provider Privacy Policy]

**Security Certifications:** SOC 2, ISO 27001 compliant

### 5.3 Payment Processing

**Service:** App store payment processing for premium features

**Data Shared:** Transaction information is processed by Apple App Store or Google Play Store

**Privacy Policies:**

[Apple Privacy Policy](https://www.apple.com/privacy/)

[Google Privacy Policy](https://policies.google.com/privacy)

6. Children's Privacy

### 6.1 Age Restrictions

ThreeLines is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age.

### 6.2 Parental Consent

If we discover that we have collected personal information from a child under 13 without parental consent, we will take immediate steps to delete such information from our systems.

### 6.3 Parental Rights

Parents or legal guardians who believe their child under 13 has provided personal information to ThreeLines may contact us at threelines.support@novarly.com to request deletion of such information.

7. Data Retention

### 7.1 Journal Entries

**Local Storage:** Journal entries stored on your device remain there until you delete them or uninstall ThreeLines.

**Cloud Backup:** If you use cloud backup, your journal entries are retained for as long as your account remains active, plus an additional 90 days after account closure to allow for account recovery.

### 7.2 Account Information

**Active Accounts:** Account information is retained while your account is active and you continue to use ThreeLines.

**Closed Accounts:** After account closure, we retain minimal account information for 12 months for security and fraud prevention purposes, then permanently delete all associated data.

### 7.3 Analytics and Technical Data

**Usage Analytics:** Anonymous analytics data is retained for up to 24 months to identify long-term usage trends and inform product development.

**Crash Reports:** Technical crash reports are retained for up to 12 months to identify and resolve recurring technical issues.

8. Your Rights

Under data protection laws, including the General Data Protection Regulation (GDPR), you have several rights regarding your personal data.

### 8.1 Right of Access

You have the right to request access to the personal data we hold about you. You can view most of your data directly within ThreeLines, including all your journal entries and account settings.

### 8.2 Right to Rectification

You can correct or update your personal information at any time through ThreeLines' settings. For journal entries, you have full control to edit or update any content.

### 8.3 Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data by:

Deleting individual journal entries within the app

Closing your account through app settings

Contacting us directly to request complete data deletion

### 8.4 Right to Data Portability

You can export your journal entries in a standard format (JSON, plain text) through ThreeLines' export feature, allowing you to transfer your data to other services.

### 8.5 Right to Restrict Processing

You can request that we limit how we process your personal data by disabling optional features like analytics or cloud backup.

### 8.6 Right to Object

You have the right to object to processing based on legitimate interests. You can opt out of analytics and other non-essential processing through app settings.

### 8.7 Exercising Your Rights

To exercise any of these rights, contact us at threelines.support@novarly.com. We will respond to your request within 30 days and may require verification of your identity to protect your privacy.

9. International Data Transfers

### 9.1 Data Location

Your personal data may be transferred to and processed in countries other than your country of residence. We ensure that such transfers are protected by appropriate safeguards.

### 9.2 Safeguards for EU Users

For users in the European Union, any international data transfers are protected by:

Adequacy decisions by the European Commission

Standard Contractual Clauses (SCCs) approved by the European Commission

Binding Corporate Rules where applicable

### 9.3 Your Rights Regarding Transfers

EU users have the right to obtain information about international transfers and to object to transfers that are not adequately protected.

10. Cookies & Tracking

### 10.1 Mobile App Tracking

ThreeLines does not use traditional web cookies, as it is a native mobile application. However, we use similar technologies for functionality and analytics.

### 10.2 Device Identifiers

**Anonymous Analytics:** We may use anonymous device identifiers for analytics purposes. These identifiers cannot be used to personally identify you.

**Advertising:** ThreeLines does not display advertisements and does not use advertising tracking technologies.

### 10.3 Opt-Out Options

You can control tracking and analytics through:

ThreeLines app settings (disable analytics)

Device-level settings (limit ad tracking, reset advertising ID)

Operating system privacy controls

11. Changes to This Policy

### 11.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

### 11.2 Notification of Changes

**Significant Changes:** For material changes that affect your rights or our data practices, we will:

Notify you through the ThreeLines app

Send an email notification to registered users

Provide 30 days notice before changes take effect

**Minor Changes:** For minor updates (such as clarifications or administrative changes), we will update the "Last Updated" date and notify users through the app.

### 11.3 Continued Use

Your continued use of ThreeLines after any Privacy Policy changes indicates your acceptance of the updated policy. If you disagree with changes, you may stop using ThreeLines and request deletion of your data.

12. Contact Us

### 12.1 Privacy Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

**Email:** threelines.support@novarly.com

**Response Time:** We aim to respond to all privacy inquiries within 5 business days

### 12.2 Data Protection Officer

For EU users with data protection questions, you may contact our Data Protection Officer at the email address above, clearly marking your email "ATTN: Data Protection Officer."

### 12.3 Regulatory Complaints

EU users have the right to lodge a complaint with their local data protection authority if they believe their data protection rights have been violated.

**UK Users:** Information Commissioner's Office (ICO) - ico.org.uk

**EU Users:** Your local Data Protection Authority

---

This Privacy Policy is effective as of 21 April 2026 and was last updated on 21 April 2026.

By using ThreeLines, you acknowledge that you have read and understand this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.